US military opens 'Hack the Pentagon' program

The Pentagon has launched an initiative that challenges vetted hackers to break into government systems.

The "Hack the Pentagon" scheme, the first ever program of its kind developed by the federal government, has been designed to test the strength of the US's cyber defences. Full details of the initiative have not been announced, but hackers could be financially rewarded if they find major flaws.

So-called "bug bounties", where white-hat hackers are rewarded for finding and reporting security problems, are already used by companies such as Google, Facebook, Microsoft and Yahoo. Financial rewards for such programs can top $100,000, with Facebook paying out more than $3 million since its bug bounty was launched in 2011.

An application page describing the "Hack the Pentagon" program explains that the pilot will start on April 18 and end on May 12. "If you have information related to security vulnerabilities in the online services listed in scope below, we want to hear from you," the page reads.

One senior official speaking to Reuters claimed that thousands of participants were expected to join the initiative.

While the "Hack the Pentagon" program is a first for the federal government, the US has long been a customer in the black market for software bugs. Documents released by whistleblower Edward Snowden suggest the National Security Agency spends $25 million a year buying bugs for use in its surveillance operations.

The Pentagon already uses its own internal security experts to test its networks, but it is hoped that opening up to vetted outsiders will help spot and remove more weaknesses.

Reuters reports that participants will have to be US citizens and submit to background checks before being given access. The Pentagon said that more sensitive networks would not be included in the program to begin with.

Security researchers have repeatedly called on the US government to take inspiration from major technology firms and introduce a bug bounty program. If the Pentagon does introduce financial rewards, it would be the first government-funded initiative of its kind in the world.

The program is being led by the Pentagon's Defense Digital Service, which was set up in November 2015 to work more closely with the technology industry. The announcement of the initiative comes months after two US army captains argued for the creation of a bug bounty for the military.

In October 2015 Captain Rock Stevens and Captain Michael Weigand published a paper calling on the US Army to establish a central program for disclosing software vulnerabilities on military systems.

The paper, published on Cyber Defense Review, claimed the current system for researchers reporting bugs was "fraught with danger and trepidation". People were "hesitant to disclose known vulnerabilities in systems out of a fear of reprisal," the paper noted.

In a statement issued to Reuters, US defence secretary Ashton Carter said the Hack the Pentagon initiative was designed to "strengthen our digital defences and ultimately enhance our national security".

The decision to create a bug bounty program comes after a damaging year for America's cyberdefences. In 2015 Russian hackers gained access to unclassified Pentagon computer systems, with sophisticated cyberattacks also targeting digital infrastructure inside the White House.

Hackers linked to the Chinese government also stole personal information from background checks on 21.5 million Americans, including the fingerprint data on 5.6 million federal employees.